Anybody have a pointer to scripts to map IP to AS?
There are still 10K-20K hosts spewing M$SQL slammer/sapphire packets,
and I'd like to start blocking routing to those irresponsible AS's
that haven't blocked their miscreant customers.
http://isc.sans.org/port_details.html?port=1434
On Thu, 20 Feb 2003, William Allen Simpson wrote:
Anybody have a pointer to scripts to map IP to AS?
Google is your friend ;-)
There are still 10K-20K hosts spewing M$SQL slammer/sapphire packets,
and I'd like to start blocking routing to those irresponsible AS's
that haven't blocked
On Thu, 20 Feb 2003, William Allen Simpson wrote:
Anybody have a pointer to scripts to map IP to AS?
I suspect the easiest thing to do would be to write some code to query a
looking glass, perhaps even install your own for this
There are still 10K-20K hosts spewing M$SQL slammer
At 08:07 AM 20-02-03 -0600, Alif The Terrible wrote:
On Thu, 20 Feb 2003, William Allen Simpson wrote:
Anybody have a pointer to scripts to map IP to AS?
Google is your friend ;-)
There are still 10K-20K hosts spewing M$SQL slammer/sapphire packets,
and I'd like to start blocking
There are still 10K-20K hosts spewing M$SQL slammer/sapphire packets,
and I'd like to start blocking routing to those irresponsible AS's
that haven't blocked their miscreant customers.
Its too early for such harsh measures. Unless you can live without
most major consumer ISPs.
I don't
Then you'd better reach over to all of your upstream routers and just pull
the plug, since you are likely to see Sapphire packets from here on in, on a
regular basis.
Better is to do the whois lookup and send pre-formatted e-mail about the
infected server as people did after Code-Red.
On Thu, Feb 20, 2003 at 08:09:31AM -0500, William Allen Simpson quacked:
Anybody have a pointer to scripts to map IP to AS?
There are still 10K-20K hosts spewing M$SQL slammer/sapphire packets,
and I'd like to start blocking routing to those irresponsible AS's
that haven't blocked
Careful. Many whoisds don't appreciate automated queries will block YOUR
ip address for sometime if you cross their max query rate threshold.
You can use a quick perl wrapper around whois, or you
could use this terribly ugly hacked up traceroute-ng that I
wrote to do lookups:
I should have been a bit more specific. The hacked up traceroute-ng
queries the radb, not a whoisd. I've never had problems
being blocked when doing radb queries, but YMMV, of course. I also
suggest that people be nice and rate-limit their queries so that
others don't have to do it for them...
### On Thu, 20 Feb 2003 09:11:02 -0800, Martin J. Levy [EMAIL PROTECTED]
### casually decided to expound upon David G. Andersen [EMAIL PROTECTED],
### William Allen Simpson [EMAIL PROTECTED] the following thoughts
### about Re: scripts to map IP to AS?:
MJV Dave (and anyone that downloads
On Thu, 20 Feb 2003 12:14:28 PST, Jake Khuon [EMAIL PROTECTED] said:
Just a reminder to everyone who intends to query the IRR/RADB... Please be
nice to the RADB whois server and don't DoS it. Open a persistant
Are there any recommendations for caching of the results? Do, don't, not for
over
-0500, William Allen Simpson
wrote:
Anybody have a pointer to scripts
to map IP to AS?
There are still 10K-20K hosts spewing M$SQL slammer/sapphire packets,
and I'd like to start blocking routing to those irresponsible AS's
that haven't blocked their miscreant customers.
http://isc.sans.org
### On Thu, 20 Feb 2003 15:25:52 -0500, [EMAIL PROTECTED] casually
### decided to expound upon [EMAIL PROTECTED] (Jake Khuon) the following
### thoughts about Re: scripts to map IP to AS? :
VK Are there any recommendations for caching of the results? Do, don't, not for
VK over 72 hours, etc? I
On Thu, 20 Feb 2003, William Allen Simpson wrote:
Anybody have a pointer to scripts to map IP to AS?
This little script works fairly well. Just feed it a file with the each
network on a seperate line. Obviously don't overload the route servers by
running it too often.
--
Simon Lyall
Hi Johannes,
] Anybody have a pointer to scripts to map IP to AS?
] Grab a routing table snapshot from the routeviews archive and run it
] through parse_bgp_dump from CAIDA's CoralReef package. Then use
] CAIDA::ASFinder or Net::Patricia to do the lookups.
In fact I have 2 scripts to do
15 matches
Mail list logo